French data regulator investigating Twitter security allegations

Get real time updates directly on you device, subscribe now.

PARIS — France’s data protection watchdog CNIL is investigating a whistleblower’s claims that Twitter made “egregious” misrepresentations to international regulators about its data security measures.

“The CNIL is currently studying the complaint filed to the [U.S.] Securities and Exchange Commission, the Federal Trade Commission and the U.S. Department of Justice,” the French agency said in a statement Wednesday. “If the accusations are correct, the CNIL could take action leading to legal proceedings or a sanction, if it’s clear there were breaches.”

The Washington Post first reported Tuesday that Twitter’s former head of security Peiter Zatko made the accusations in a complaint alleging that the tech company violated the terms of a settlement with the U.S. Federal Trade Commission by falsely claiming it had a solid security plan. Zatko also said that privacy should become Twitter’s No. 1 priority “in light of the egregious and ongoing misrepresentations to the FTC, French and Irish regulators,” according to the complaint.

A CNIL spokesperson said the regulator only learned of the allegations on Tuesday with the Washington Post report. Ireland’s data watchdog also met with Twitter representatives after the reports on Zatko’s claims.

One of Zatko’s alleged “misrepresentations” was an update to the platform late last year to comply with orders from the CNIL, which Zatko said was “blocked [from] rolling out” for a month “in order to extract maximum profit from French users.”

Twitter has denied Zatko’s allegations.